diff options
| author |   Christophe Leroy <christophe.leroy@c-s.fr> | 2020-01-24 11:54:40 +0000 |
|---|---|---|
| committer |   Michael Ellerman <mpe@ellerman.id.au> | 2020-01-28 23:13:17 +1100 |
| commit | 6ec20aa2e510b6297906c45f009aa08b2d97269a (patch) | |
| tree | 0f2bb05b0963cd7aa4666aa21fa49d01c049bbf1 /arch/powerpc/mm/fault.c | |
| parent | readdir: make user_access_begin() use the real access range (diff) | |
| download | linux-dev-6ec20aa2e510b6297906c45f009aa08b2d97269a.tar.xz linux-dev-6ec20aa2e510b6297906c45f009aa08b2d97269a.zip | |
powerpc/32s: Fix bad_kuap_fault()
At the moment, bad_kuap_fault() reports a fault only if a bad access
to userspace occurred while access to userspace was not granted.
But if a fault occurs for a write outside the allowed userspace
segment(s) that have been unlocked, bad_kuap_fault() fails to
detect it and the kernel loops forever in do_page_fault().
Fix it by checking that the accessed address is within the allowed
range.
Fixes: a68c31fc01ef ("powerpc/32s: Implement Kernel Userspace Access Protection")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/f48244e9485ada0a304ed33ccbb8da271180c80d.1579866752.git.christophe.leroy@c-s.fr
Diffstat (limited to 'arch/powerpc/mm/fault.c')
| -rw-r--r-- | arch/powerpc/mm/fault.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c index b5047f9b5dec..1baeb045f7f4 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -233,7 +233,7 @@ static bool bad_kernel_fault(struct pt_regs *regs, unsigned long error_code, // Read/write fault in a valid region (the exception table search passed // above), but blocked by KUAP is bad, it can never succeed. - if (bad_kuap_fault(regs, is_write)) + if (bad_kuap_fault(regs, address, is_write)) return true; // What's left? Kernel fault on user in well defined regions (extable |